Pinned: How I owned 2150 Discord servers at once
The one security rule you should follow when developing on publicly available platforms is to never expose application secrets.
Jan 15, 2021

Storm-1811’s Quick-Assist phishing could have been worse
Microsoft’s QuickAssist had an XSS vulnerability a few months before the tool was misused to deploy Black Basta ransomware.
Nov 14

The story of my first CVE, and questioning myself about ethical hacking.
This post is about how I discovered and obtained my very first CVE. I won’t explain how the vulnerability works (sorry!), so don’t worry if…
Apr 5, 2022

Dangerous 2FA implementation on TrixCMS.eu
Today I would like to continue my previous post on stored XSS, specifically its 2FA implementation. Some parts of this post…
Oct 8, 2020

Stored XSS via image upload on TrixCMS.eu
This new vulnerability on TrixCMS is quite close to the previous one on the main website. Recently, the website implemented a…
Sep 17, 2020
Mineweb CMS | Stored XSS via visitor statistics
About 6 years ago, I acquired a good part of my web skills by developing sites on various platforms, and…
Jul 31, 2020

Stored XSS via SVG upload
This morning I discovered the existence of a multigaming-oriented CMS named TrixCMS. Having already found multiple vulnerabilities on the CMS dedicated to…
Jul 30, 2020